Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 5:47 a.m.•3 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to DNS rebinding

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a DNS rebinding vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinate...

6.8CVSS7AI score0.00956EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 5:47 a.m.•3 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC...

6.8CVSS7.9AI score0.01501EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 5:40 a.m.•1 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to cross-site request forgery

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a cross-site request forgery vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/...

8.8CVSS6.4AI score0.00769EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 5:39 a.m.•2 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to authentication bypass

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an authentication bypass vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC...

7.5CVSS7AI score0.01488EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 5:6 a.m.•3 views

Multiple cross-site scripting vulnerabilities in Webmin

Overview Webmin contains multiple cross-site scripting vulnerabilities CWE-79 due to issues in outputting error messages into a HTML page and the function to edit the database. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

6.1CVSS6.2AI score0.01739EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 12:0 a.m.•30 views

JVN#87662835: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to DNS rebinding

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a DNS rebinding vulnerability. Impact If a user accesses a malicious web page, arbitrary code may be...

6.8CVSS6.5AI score0.00956EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 12:0 a.m.•41 views

JVN#71666779: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact If a user accesses a malicious web page, arbitrary code may b...

6.8CVSS6.9AI score0.01501EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 12:0 a.m.•57 views

JVN#34207650: Multiple cross-site scripting vulnerabilities in Webmin

Webmin contains multiple cross-site scripting vulnerabilities CWE-79 due to issues in outputting error messages into a HTML page and the function to edit the database. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...

6.1CVSS6.2AI score0.01739EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 12:0 a.m.•30 views

JVN#39008927: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to cross-site request forgery

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in,...

8.8CVSS8.6AI score0.00769EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 12:0 a.m.•27 views

JVN#88176589: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to authentication bypass

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an authentication bypass vulnerability. Impact A remote unauthenticated attacker may perform an arbitrary...

7.5CVSS7.4AI score0.01488EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/03 4:58 a.m.•3 views

Business LaLa Call App for Android fails to verify SSL server certificates

Overview Business LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates. Yuto Iso of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00667EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/03 4:31 a.m.•2 views

LaLa Call App for Android fails to verify SSL server certificates

Overview LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates. Yuto Iso of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00667EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/03 12:0 a.m.•33 views

JVN#01014759: LaLa Call App for Android fails to verify SSL server certificates

LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provid...

5.9CVSS5.5AI score0.00667EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/03 12:0 a.m.•39 views

JVN#21114208: Business LaLa Call App for Android fails to verify SSL server certificates

Business LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the informati...

5.9CVSS5.5AI score0.00667EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/27 4:49 a.m.•2 views

CubeCart vulnerable to directory traversal

Overview CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability CWE-22. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS6.4AI score0.0247EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/27 12:0 a.m.•31 views

JVN#81618356: CubeCart vulnerable to directory traversal

CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability CWE-22. Impact A local file on the server may be accessed by a remote attacker. Solution Update the Software Update to the latest version according ...

6.5CVSS6.4AI score0.0247EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 5:12 a.m.•1 views

Knowledge vulnerable to cross-site request forgery

Overview Knowledge provided by support-project.org is an open-source knowledge base platform. Knowledge contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update...

8.8CVSS6.5AI score0.00741EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 4:38 a.m.•3 views

Nessus vulnerable to cross-site scripting

Overview Nessus contains a stored cross-site scripting CWE-79 vulnerability in handling .nessus files. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitra...

5.4CVSS5.8AI score0.01252EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 4:34 a.m.•1 views

smalruby-editor vulnerable to OS command injection

Overview smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

10CVSS7.8AI score0.06183EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 12:0 a.m.•30 views

JVN#50197114: smalruby-editor vulnerable to OS command injection

smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Impact A remote attacker may execute arbitrary OS command on the server where smalruby-editor resides. Solution Update the...

10CVSS9.8AI score0.06183EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 12:0 a.m.•37 views

JVN#12796388: Nessus vulnerable to cross-site scripting

Nessus contains a stored cross-site scripting CWE-79 vulnerability in handling .nessus files. Impact Arbitrary JavaScript may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...

5.4CVSS5.5AI score0.01252EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 12:0 a.m.•29 views

JVN#09460804: Knowledge vulnerable to cross-site request forgery

Knowledge provided by support-project.org is an open-source knowledge base platform. Knowledge contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update to the...

8.8CVSS8.6AI score0.00741EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/23 8:57 a.m.•4 views

Arbitrary file upload vulnerability in GigaCC OFFICE

Overview GigaCC OFFICE provided by WAM!NET Japan K.K. contains a vulnerability where arbitrary files may be uploaded. WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and WAM!NET Japan K.K. coordinated...

6.5CVSS6.8AI score0.01434EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/23 8:57 a.m.•4 views

Mis-configuration of Apache Velocity template engine used to send emails in GigaCC OFFICE

Overview GigaCC OFFICE provided by WAM!NET Japan K.K. contains mis-configuration of Apache Velocity template engine which is used to send emails. WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and...

6CVSS7AI score0.00863EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/20 5:1 a.m.•3 views

Java (OGNL) code execution in Apache Struts 2 when devMode is enabled

Overview Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that...

6.8CVSS7.4AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/20 12:0 a.m.•10 views

JVN#92395431: Java (OGNL) code execution in Apache Struts 2 when devMode is enabled

Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that proof-of-concept co...

7.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/16 5:41 a.m.•3 views

MaruUo Factory's multiple AttacheCase products vulnerable to directory traversal

Overview Multiple AttacheCase products provided by MaruUo Factory contain a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Kazuki Furukawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.5CVSS6.6AI score0.03417EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/16 5:35 a.m.•4 views

AttacheCase vulnerable to directory traversal

Overview AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Kazuki Furukawa reported this vulnerability to IPA. JPCERT/CC coordinated with the...

5.5CVSS6.6AI score0.02605EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/16 12:0 a.m.•40 views

JVN#83917769: AttacheCase vulnerable to directory traversal

AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Impact Decrypting a crafted ATC file may result in creation of an arbitrary file or overwriting o...

5.5CVSS5.5AI score0.02605EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/16 12:0 a.m.•26 views

JVN#28331227: MaruUo Factory's multiple AttacheCase products vulnerable to directory traversal

Multiple AttacheCase products provided by MaruUo Factory contain a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Impact Decrypting a crafted ATC file may result in creation of an arbitrary file or overwriting of an existing file. Solution Update the...

5.5CVSS5.5AI score0.03417EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/11 4:46 a.m.•5 views

Cybozu Remote Service Manager fails to verify client certificates

Overview Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager fails to verify client certificates. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution...

4.9CVSS6.6AI score0.0045EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/11 12:0 a.m.•30 views

JVN#19241292: Cybozu Remote Service Manager fails to verify client certificates

Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager fails to verify client certificates. Impact A user may access internal web systems that do not allow access from external network. A...

4.9CVSS4.4AI score0.0045EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/06 5:2 a.m.•3 views

Olive Diary DX vulnerable to cross-site scripting

Overview Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the page parameter. Impact An artbitrary script may be executed on the user's web browser. Solution Do not use Olive Diary DX Olive Diary DX is no longer being develop...

6.1CVSS6.1AI score0.00886EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/06 5:1 a.m.•3 views

WEB SCHEDULE vulnerable to cross-site scripting

Overview WEB SCHEDULE provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the month parameter. Impact An artbitrary script may be executed on the user's web browser. Solution Do not use WEB SCHEDULE WEB SCHEDULE is no longer being developed or...

6.1CVSS6.1AI score0.0085EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/06 4:56 a.m.•0 views

Olive Blog vulnerable to cross-site scripting

Overview Olive Blog provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the search parameter. Ueki Shuya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...

6.1CVSS6.1AI score0.00886EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/06 12:0 a.m.•36 views

JVN#71538099: Olive Diary DX vulnerable to cross-site scripting

Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the page parameter. Impact An artbitrary script may be executed on the user's web browser. Solution Do not use Olive Diary DX Olive Diary DX is no longer being developed or...

6.1CVSS6AI score0.00886EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/06 12:0 a.m.•27 views

JVN#60879379: Olive Blog vulnerable to cross-site scripting

Olive Blog provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the search parameter. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Olive Blog Olive Blog is no longer being developed or maintained. It...

6.1CVSS6AI score0.00886EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/06 12:0 a.m.•33 views

JVN#12124922: WEB SCHEDULE vulnerable to cross-site scripting

WEB SCHEDULE provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the month parameter. Impact An artbitrary script may be executed on the user's web browser. Solution Do not use WEB SCHEDULE WEB SCHEDULE is no longer being developed or...

6.1CVSS6AI score0.0085EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/26 5:45 a.m.•3 views

WinSparkle issue where registry value is not validated

Overview When an application that uses WinSparkle is launched, it checks the directory used by WinSparkle for temporary files and deletes any temporary files. This directory path is specified in a registry key. In a situation where an attacker has modified the specific registry value used by this...

7.8CVSS6.8AI score0.02594EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/26 5:45 a.m.•2 views

Wireshark for Windows issue where an arbitrary file may be deleted

Overview Wireshark for Windows uses a software updating library called WinSparkle. Wireshark for Windows contains an issue where an arbitrary directory of file may be deleted due to an issue contained in WinSparkle JVN96681653. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported...

7.8CVSS6.8AI score0.02594EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/26 12:0 a.m.•32 views

JVN#96681653: WinSparkle issue where registry value is not validated

When an application that uses WinSparkle is launched, it checks the directory used by WinSparkle for temporary files and deletes any temporary files. This directory path is specified in a registry key. In a situation where an attacker has modified the specific registry value used by this library,...

7.8CVSS7.5AI score0.02594EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/26 12:0 a.m.•23 views

JVN#90813656: Wireshark for Windows issue where an arbitrary file may be deleted

Wireshark for Windows uses a software updating library called WinSparkle. Wireshark for Windows contains an issue where an arbitrary directory of file may be deleted due to an issue contained in WinSparkle JVN96681653. Impact An arbitrary directory or file may be deleted with the privileges of th...

7.8CVSS7.6AI score0.02594EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/22 5:26 a.m.•37 views

BlueZ userland utilities vulnerable to buffer overflow

Overview BlueZ provides a Bluetooth protocol stack for Linux kernel and userland utilities. parseline function used in some userland utilities contains a buffer overflow vulnerability. Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

7.8CVSS7.4AI score0.00556EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/22 5:26 a.m.•17 views

H2O use-after-free vulnerability

Overview H2O is an open source web server software. H2O contains a use-after-free vulnerability CWE-416 due to a flaw in the process of upgrading from HTTP/1 to HTTP/2. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated...

9.1CVSS6.9AI score0.02184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/22 5:26 a.m.•6 views

SKYSEA Client View vulnerable to arbitrary code execution

Overview SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on t...

10CVSS7.8AI score0.1938EPSS
Exploits1References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/22 12:0 a.m.•34 views

JVN#44566208: H2O use-after-free vulnerability

H2O is an open source web server software. H2O contains a use-after-free vulnerability CWE-416 due to a flaw in the process of upgrading from HTTP/1 to HTTP/2. Impact An unauthenticated remote attacker may cause a denial-of-service DoS condition or obtain arbitrary information which may include t...

9.1CVSS9.3AI score0.02184EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/22 12:0 a.m.•49 views

JVN#84995847: SKYSEA Client View vulnerable to arbitrary code execution

SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on the client...

10CVSS9.9AI score0.1938EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/22 12:0 a.m.•47 views

JVN#38755305: BlueZ userland utilities vulnerable to buffer overflow

BlueZ provides a Bluetooth protocol stack for Linux kernel and userland utilities. parseline function used in some userland utilities contains a buffer overflow vulnerability. Impact An attacker who can access the product may execute arbitrary code. Solution Update the Software Update to the late...

7.8CVSS7.4AI score0.00556EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 5:38 a.m.•4 views

Cybozu Garoon fails to restrict access permission in To-Dos of Space function

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in To-Dos of Space function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the...

4.3CVSS6.5AI score0.01056EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 5:32 a.m.•5 views

Cybozu Garoon fails to restrict access permission in MultiReport filters

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in MultiReport filters. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information...

4.3CVSS6.5AI score0.01056EPSS
Exploits0References5
Total number of security vulnerabilities5625